A recent cybersecurity report on Kenya says businesses are losing about $146m (£96m) every year to cyber-crime also South Africa’s Sunday Times newspaper reported that hackers launched 6,000 cyber-attacks against South African infrastructure, internet service providers (ISPs) and businesses in October alone.
Bright Mawudor, a Ghanaian cybersecurity expert at Pukyong National University in South Korea, says that most African banks, government agencies and ISPs, in the face of competition, prioritise what their website can do and how fast new features can be released to the public.
Security is an afterthought, he argues.
“These websites are usually outsourced to software development companies who get pressured to deliver quickly,” he says.
“Something that should take about a month has to be delivered in a week and is thus sub-standard. They always make a mistake and the hacker just has to find one.”
Rather than creating their own systems from scratch, there is a tendency to take a shortcut and use existing popular templates, which Mr Mawudor says can easily be breached.
He says he knows of several African governments that use these for their websites that can contain sensitive information including individuals’ personal details, which can be used for identity theft.
According to the recent Kenyan cybersecurity report, most African-based businesses, particularly small and medium-sized enterprises, are unable to withstand cyber-attacks.
“If there was the threat of a physical attack you would see a lot of fences and guards,” says William Makatiani of Serianu Limited which was behind the report.
“Unfortunately with cyber-attacks, very few people can detect them and you can go for up to a year without knowing you’ve been attacked.”
Mr Makatiani suggests the main reason some companies are waking up to the threat is because they are losing money, but he says they are only disclosing these incidents discreetly.
The types of crimes are also becoming more sophisticated – moving from password theft, to stealing credit card details to attacks on computer networks.
Even if the worst-affected businesses like banks and insurance companies improved their security, the ISPs are accused of not doing enough to create sufficient security for the small businesses they serve. Read original publication here